« SSL Labs Updates SSL/TLS Deployment Best Practices Doc | Main | Apache Tomcat 7.0.40 Released »

05/07/2013

Apache Tomcat 6.0.37 Released

The Apache Tomcat team released version 6.0.37, which primarily contains bug fixes but also includes some security fixes.

One of the neat enhancements in this release is the addition of the SSLHonorCipherOrder directive, which lets the administrator pin the order that ssl encryption ciphers will be offered to ssl clients. With it, you can now configure tomcat to prioritize RC4 encryption ciphers if you're looking to do some BEAST remediation. 

Another SSL-related change in this release is that you can now disable TLS Compression on the APR connector (assuming you're using a version of OpenSSL that allows you to disable TLS compression). This can help provide additional protection against the CRIME attack/vulnerability.

See the Apache Tomcat 6 Changelog for all the enhancments and fixes in this release and you can download source and binaries from a tomcat 6 mirror site.

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a01156fbc6fe6970c017eeae4c274970d

Listed below are links to weblogs that reference Apache Tomcat 6.0.37 Released:

Comments